WIP
nordicjm committed Jan 9, 2025
1 parent fbad1a6 commit 8143c67
Showing 5 changed files with 137 additions and 11 deletions.
1 change: 1 addition & 0 deletions boot/bootutil/include/bootutil/image.h
Expand Up @@ -124,6 +124,7 @@ struct flash_area;
* the format and size of the raw slot (compressed)
* signature
*/
#define IMAGE_TLV_COMP_DEC_SIZE 0x73 /* Compressed decrypted image size */
/*
* vendor reserved TLVs at xxA0-xxFF,
* where xx denotes the upper byte
20 changes: 20 additions & 0 deletions boot/bootutil/src/image_validate.c
Expand Up @@ -618,12 +618,14 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index,
goto out;
}

LOG_ERR("check hash");
FIH_CALL(boot_fih_memequal, fih_rc, hash, buf, sizeof(hash));
if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}

LOG_ERR("image hash valid = 1");
image_hash_valid = 1;
break;
}
Expand Down Expand Up @@ -678,6 +680,8 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index,
if (rc) {
goto out;
}
LOG_ERR("check signature");

#ifndef MCUBOOT_SIGN_PURE
FIH_CALL(bootutil_verify_sig, valid_signature, hash, sizeof(hash),
buf, len, key_id);
Expand All @@ -690,6 +694,8 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index,
hdr->ih_hdr_size + hdr->ih_img_size + hdr->ih_protect_tlv_size,
buf, len, key_id);
#endif
LOG_ERR("image signature valid = %d", valid_signature);

key_id = -1;
break;
}
Expand Down Expand Up @@ -764,43 +770,54 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index,
image_hash_valid = 0;
FIH_SET(valid_signature, FIH_FAILURE);

LOG_ERR("check decompression hash");
rc = bootutil_img_hash_decompress(enc_state, image_index, hdr, fap, tmp_buf, tmp_buf_sz,
hash, seed, seed_len);
if (rc) {
LOG_ERR("w1");
goto out;
}

rc = bootutil_tlv_iter_begin(&it, hdr, fap, IMAGE_TLV_DECOMP_SHA, true);
if (rc) {
LOG_ERR("w2");
goto out;
}

if (it.tlv_end > bootutil_max_image_size(fap)) {
LOG_ERR("w3");
rc = -1;
goto out;
}

while (true) {
rc = bootutil_tlv_iter_next(&it, &off, &len, &type);
if (rc < 0) {
LOG_ERR("w4");
goto out;
} else if (rc > 0) {
LOG_ERR("w4");
break;
}

if (type == IMAGE_TLV_DECOMP_SHA) {
/* Verify the image hash. This must always be present. */
if (len != sizeof(hash)) {
LOG_ERR("w5");
rc = -1;
goto out;
}
rc = LOAD_IMAGE_DATA(hdr, fap, off, buf, sizeof(hash));
if (rc) {
LOG_ERR("w6");
goto out;
}

LOG_HEXDUMP_ERR(hash, sizeof(hash), "hash");
LOG_HEXDUMP_ERR(buf, sizeof(hash), "buf");
FIH_CALL(boot_fih_memequal, fih_rc, hash, buf, sizeof(hash));
if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
LOG_ERR("w7");
FIH_SET(fih_rc, FIH_FAILURE);
goto out;
}
Expand All @@ -811,9 +828,12 @@ bootutil_img_validate(struct enc_key_data *enc_state, int image_index,

rc = !image_hash_valid;
if (rc) {
LOG_ERR("w8");
goto out;
}

LOG_ERR("w9");

#ifdef EXPECTED_SIG_TLV
#if !defined(CONFIG_BOOT_SIGNATURE_USING_KMU) && defined(EXPECTED_KEY_TLV)
rc = bootutil_tlv_iter_begin(&it, hdr, fap, EXPECTED_KEY_TLV, false);
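Review bot: In the decompressed-hash loop the tag `"w4"` is logged on both branches after `bootutil_tlv_iter_next()`, so an iterator error (`rc < 0`) and the normal end of the TLV area (`rc > 0`) cannot be told apart in the log. Several added messages (`"check hash"`, `"image hash valid = 1"`, `"w9"`) also fire at error severity on the success path, which makes a good boot look like a failed validation during log triage. I would give each failure exit a message that names the check, e.g. `LOG_ERR("TLV iteration failed: %d", rc);` on the `rc < 0` branch, and move the progress messages and the two `LOG_HEXDUMP_ERR` calls to debug level (`LOG_DBG` / `LOG_HEXDUMP_DBG`). The same opaque-tag pattern appears in boot/bootutil/src/tlv.c (`"aa1"` to `"aa6"`). bootutil_img_validate starts and ends outside the visible hunks.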
5 changes: 4 additions & 1 deletion boot/bootutil/src/loader.c
Expand Up @@ -1029,6 +1029,7 @@ boot_is_header_valid(const struct image_header *hdr, const struct flash_area *fa
#else
if (MUST_DECOMPRESS(fap, BOOT_CURR_IMG(state), hdr)) {
if (!boot_is_compressed_header_valid(hdr, fap, state)) {
LOG_ERR("compressed header not valid");
return false;
}
}
Expand Down Expand Up @@ -1229,17 +1230,19 @@ boot_validate_slot(struct boot_loader_state *state, int slot,
}
#endif
if (!boot_is_header_valid(hdr, fap, state)) {
LOG_ERR("header invalid");
fih_rc = FIH_FAILURE;
} else {
BOOT_HOOK_CALL_FIH(boot_image_check_hook, FIH_BOOT_HOOK_REGULAR,
fih_rc, BOOT_CURR_IMG(state), slot);
if (FIH_EQ(fih_rc, FIH_BOOT_HOOK_REGULAR)) {
FIH_CALL(boot_image_check, fih_rc, state, hdr, fap, bs);
LOG_ERR("boot image check = %d", fih_rc);
}
}
if (FIH_NOT_EQ(fih_rc, FIH_SUCCESS)) {
if ((slot != BOOT_PRIMARY_SLOT) || ARE_SLOTS_EQUIVALENT()) {
flash_area_erase(fap, 0, flash_area_get_size(fap));
// flash_area_erase(fap, 0, flash_area_get_size(fap));
/* Image is invalid, erase it to prevent further unnecessary
* attempts to validate and boot it.
*/
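Review bot: Commenting out `flash_area_erase(fap, 0, flash_area_get_size(fap));` in boot_validate_slot leaves an image that failed header validation or boot_image_check in the slot, while the comment directly below still says it is erased. The rejected image will be read and validated again on every boot, and any later code that assumes a failed slot is empty would be wrong; I cannot see from this hunk whether such code exists. If the intent is only to keep the image for debugging the decompression path, restore the call before this leaves WIP, or guard it with a debug-only build option and update the comment to match. boot_validate_slot continues outside the hunk.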
6 changes: 6 additions & 0 deletions boot/bootutil/src/tlv.c
Expand Up @@ -43,28 +43,34 @@ bootutil_tlv_iter_begin(struct image_tlv_iter *it, const struct image_header *hd
struct image_tlv_info info;

if (it == NULL || hdr == NULL || fap == NULL) {
printk("aa1\n");
return -1;
}

off_ = BOOT_TLV_OFF(hdr);
if (LOAD_IMAGE_DATA(hdr, fap, off_, &info, sizeof(info))) {
printk("aa2\n");
return -1;
}

if (info.it_magic == IMAGE_TLV_PROT_INFO_MAGIC) {
if (hdr->ih_protect_tlv_size != info.it_tlv_tot) {
printk("aa3 %d vs %d\n", hdr->ih_protect_tlv_size, info.it_tlv_tot);
return -1;
}

if (LOAD_IMAGE_DATA(hdr, fap, off_ + info.it_tlv_tot,
&info, sizeof(info))) {
printk("aa4\n");
return -1;
}
} else if (hdr->ih_protect_tlv_size != 0) {
printk("aa5\n");
return -1;
}

if (info.it_magic != IMAGE_TLV_INFO_MAGIC) {
printk("aa6\n");
return -1;
}
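Review bot: The six `printk()` calls added to bootutil_tlv_iter_begin are not subject to the log-level filtering that the `LOG_ERR` calls elsewhere in this commit get, so they print on every rejected image header regardless of the configured level. `printk` is also an OS-specific call, which matters if this file is built for ports other than Zephyr; I cannot confirm that from the hunk. I would replace each one with a level-controlled message that names the failed check, e.g. `BOOT_LOG_ERR("protected TLV size mismatch: header %d, TLV info %d", hdr->ih_protect_tlv_size, info.it_tlv_tot);` in place of `"aa3"`, assuming bootutil's log header is available in this file. The function body continues past the end of the hunk.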
